[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: stable update for backup-manager


On Fri, 2010-01-22 at 15:11 +0100, Sven Joachim wrote:
> I would like to upload a new version of the backup-manager to stable in
> order to fix a (relatively minor) security issue.  The fix is trivial,
> just transposing to lines and thus ensuring that a password is not
> written to a file until the world is denied read access.  Full debdiff
> is attached.
> There is certainly no need for a DSA, since the problem is similar to
> CVE-2007-2766 (to be fixed in oldstable, no DSA), but even harder to
> exploit.

It does indeed seem somewhat difficult to exploit. :)  However, that
doesn't imply that it shouldn't be fixed; please go ahead.



Reply to: